2/19/2014
05:05 PM
Dark Reading
Products and Releases

SANS-Norse Cyberthreat Report Reveals that Cyberattacks Are Causing an Epidemic of Compromises at Healthcare Organizations

Norse Global Threat Intelligence Platform Identifies Healthcare Organizations' Compromised Networks, Applications, Devices and Systems

PR Newswire -- February 19, 2014

SAN MATEO, Calif., Feb. 19, 2014 /PRNewswire/ -- Norse, a leading provider of live threat intelligence-based security solutions, in association with SANS, the most trusted and largest source for information security training, certification and research, today released the SANS-Norse Healthcare Cyberthreat Report.

Senior SANS Analyst and Healthcare Specialist Barbara Filkins developed the report with intelligence gathered by the Norse global threat intelligence platform. The report reveals that the networks and Internet-connected devices of organizations in virtually every healthcare category -- from hospitals to insurance carriers to pharmaceutical companies -- have been and continue to be compromised by successful attacks. A network compromise often leads to a data breach, potentially exposing the personally identifiable information of millions of consumers as well as the organization's own intellectual property and billing systems. In addition, these compromised networks allow cybercriminals to use the organization's network infrastructure and devices to launch attacks on other networks and to execute billions of dollars worth of fraudulent transactions.

TWEET THIS: Epidemic of #cyberattacks compromising healthcare organizations, as reported by @SANSInstitute & @NorseCorp: http://bit.ly/1c0nCs1

The report reveals many findings and salient conclusions. Among the most alarming were the following:

-- 49,917 unique events of a malicious nature took place within the healthcare IT environment during the period when intelligence was gathered; this was a small sample of the data gathered during that period.

-- Networks and devices at 375 U.S.-based healthcare-related organizations were compromised during this period, and some of them are still compromised.

-- Compromised devices included everything from radiology imaging software, to firewalls, to Web cameras, to mail servers.

-- A significant number of compromises came about due to very basic issues such as not changing default credentials on firewalls.

"This level of compromise and control could easily lead to a wide range of criminal activities that are currently not being detected. For example, hackers can engage in widespread theft of patient information that includes everything from medical conditions to social security numbers to home addresses, and they can even manipulate medical devices used to administer critical care," said Filkins. "For many organizations governed by stringent regulations such as the Healthcare Insurance Portability and Accountability Act (HIPAA), compromises and breaches lead to massive fines. In 2013, fines ranged from $150,000 and went up to $1.7 million in the widely publicized WellPoint case."

All Providers Feel the Impact

Norse identified compromised devices and networks with its global threat intelligence infrastructure, a network of more than six million sensors and next-generation honeypots located in 38 global data centers and 20 major Internet exchanges. When compromised organizations emanate malicious IP traffic, the infrastructure detects it and immediately traces it back to the owner. A wide range of organizations emanated malicious IP traffic, many of them for months and some for the duration of the study -- meaning they never detected their compromises and outbound malicious communications. Not only was this problematic for the target of the attack, but the open attack surface opened the doors for attacks on other organizations.

Although many types of organizations were compromised, one type produced the majority of malicious traffic:

-- Healthcare Providers -- 72% of malicious traffic

-- Healthcare Business Associates -- 9.9 percent of malicious traffic

-- Health Plans -- 6.1 percent of malicious traffic

-- Healthcare Clearinghouses -- 0.5 percent of malicious traffic

-- Pharmaceutical -- 2.9 percent of malicious traffic

-- Other Related healthcare entities -- 8.5 percent of malicious traffic

"Cybersecurity in healthcare IT is such a huge issue, as evidenced by some of the statistics my surveys have uncovered," stated Larry Ponemon, Chairman of the Ponemon Institute. "With the Internet of Things expanding the attack surface, and current HIPAA and HITECH compliance not nearly providing enough security, healthcare organizations are falling further and further behind in their efforts to secure patient data. Such a large percentage of medical institutions have been victims of a cyberattack, and with costs resulting from such compromises numbering in the millions and billions, it's clear that security of healthcare data must become the priority for healthcare organizations. This report helps sound a very necessary alarm."

Consumers, Patients Paying Ultimate Price

Although the vast majority of the compromised healthcare organizations are subject to regulations such as HIPAA and HITECH, it is equally important to point out that ongoing attacks and compromises are placing a significant financial burden on patients. Cybercrimes such as identity theft, stolen information and fraud not only place extreme inconvenience on individuals but also drive additional healthcare costs that patients may not be able to recover.

While most consumers are shielded against ecommerce-related theft and fraud expenses, they are responsible for costs related to compromised medical insurance records and files -- costs that reached $12 billion in 2013.

"What SANS and Norse have uncovered in this report is, in a word, alarming," stated Sam Glines, CEO of Norse. "The sheer number of attacks being perpetrated against healthcare organizations is overwhelming, while the defenses in place are not nearly enough to neutralize them. So although the healthcare industry continues to search for ways to protect its data, many organizations are still not able to properly safeguard critical data, and both companies and consumers are paying the price."

The SANS-Norse Healthcare Cyberthreat Report can be found here:

http://norse-corp.com/HealthcareReport2014.html

In addition, on Thursday, March 6, SANS and Norse will co-host a webinar to discuss "Exposing Malicious Threats to Healthcare IT." More information and the registration page can be found here:

https://www.sans.org/webcasts/exposing-malicious-threats-health-care-97320

For the latest news and developments out of Norse:

-- Follow Norse on Twitter: @NorseCorp

-- Like Norse on Facebook: https://www.facebook.com/NorseCorporation

-- Follow Norse on LinkedIn: http://www.linkedin.com/company/norse-corporation

-- Subscribe to the Norse YouTube Channel: http://www.youtube.com/user/norsecorporation

-- Read the Norse blog: http://norse-corp.com/blog-index.html

-- Add Norse to G+ Circles: https://plus.google.com/+Norse-corp/posts

About SANS

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community.

(www.SANS.org)

About Norse

Norse is the leading innovator in the live threat intelligence security market. With the goal of transforming the traditionally reactive IT security industry, Norse offers proactive, intelligence-based security solutions that enable organizations to identify and defend against the advanced cyberthreats of today and tomorrow. Norse's synchronous, global platform is a patent-pending infrastructure-based technology that continuously collects and analyzes real-time, high-risk Internet traffic to identify the sources of cyber attacks and fraud. Norse is the only provider of live, actionable, cyberthreat intelligence that enables organizations to prevent financial fraud and proactively defend against today's most advanced cyber threats including zero day and advanced persistent threats. Norse has offices in Silicon Valley, St. Louis, and Atlanta. Visit us online at norse-corp.com.

Media Contact:

Joe Franscella

Trainer Communications

925-271-8201

norse@trainercomm.com

SOURCE Norse

Comments
sdavis532,
User Rank: Apprentice
2/21/2014 | 3:49:16 PM
re: SANS-Norse Cyberthreat Report Reveals that Cyberattacks Are Causing an Epidemic of Compromises at Healthcare Organizations
What a bunch of unquantified FUD. No background, no specifics, percentages of undefined traffic samples taken over an unspecified period. 375 "health-care related organizations" out of how many? How do the percentages compare to other industries? Oh wait, that doesn't sell product or subscriptions.